Memory card

ABSTRACT

A memory card has: a flash memory chip for storing digital certificates and a seed of random numbers; a controller chip which can execute a managing process for managing the digital certificates and a random number generating process for generating the pseudo random numbers by using the seed of random numbers; and an IC card chip which can execute an authenticating process for authenticating personal identification information (PIN) inputted from a host apparatus and an encrypting process for encrypting the seed of random numbers. Thus, a processing time of security processes is reduced while assuring safety of the security processes.

BACKGROUND OF THE INVENTION

[0001] The invention relates to a storage device having a securityfunction, a host apparatus into which the storage device can beinserted, and the host apparatus having the storage device. Moreparticularly, the invention relates to a memory card having a flashmemory chip and a controller, an information processing apparatus intowhich the memory card can be inserted, and the information processingapparatus having the memory card.

[0002] An IC card is constructed by embedding an IC (Integrated Circuit)chip into a plastic card substrate and has external terminals of the ICchip on its surface. As external terminals of the IC chip, there are apower terminal, a clock terminal, data input/output terminals, and thelike. A connected apparatus directly supplies a power source and a driveclock to the IC chip from the external terminals, thereby making the ICchip operative. The IC card exchanges information with the connectedapparatus such as a terminal device or the like by transmitting andreceiving an electric signal to/from the connected apparatus via theexternal terminals. As a result of the information exchange, the IC cardsends a calculation result and stored information and changes the storedinformation. On the basis of specifications of those operations, the ICcard can have a function for executing a security process such asprotection of secret data, personal identification, and the like. The ICcard is used as a user device for the personal identification in asystem in which security of secret information in a credit settlement,banking, or the like is necessary.

[0003] JP-A-2000-242750 discloses a personal identification systemcomprising: a personal digital assistant which has tamper-resistant andin which registration information has been stored; and a personalidentification apparatus which has the tamper-resistant and can makepersonal identification on the basis of the registration information inthe personal digital assistant and input information which is newlyinputted when communication with the personal digital assistant can bemade, wherein encrypting means for encrypting the registrationinformation and sending an obtained cipher text to the personalidentification apparatus when the personal identification is made isprovided as a personal digital assistant, and decrypting means forobtaining the registration information by decrypting the cipher textsent from the encrypting means and collating means for collating theregistration information obtained by the decrypting means with the inputinformation are provided as a personal identification apparatus.

[0004] JP-A-2000-338868 discloses a first issuing method of the publickey certificates such that: among a plurality of basic information forpublic key certificates formed on the basis of predetermined applyinginformation, signature data for the one format is formed with respect tothe basic information for the one format as a target; a public keycertificate for another format is formed by including signature data foranother format with respect to the formed basic information andsignature data and the basic information for that another format astargets; the basic information for the one format, the signature datafor the one format, the basic information for that another format, andthe signature data for that another format are obtained from the formedpublic key certificates; and a public key certificate for the one formatis formed on the basis of the obtained basic information and signaturedata. JP-A-2000-338868 also discloses a second issuing method of thepublic key certificates such that: signature data is formed with respectto a coupling hash value, as a target, in which basic information of aplurality of formats for public key certificates formed on the basis ofpredetermined applying information are arranged in predetermined orderand hash values of the basic information are coupled; and a public keycertificate is formed by including the basic information correspondingto a format which can be used on an applicant side, the hash valuesformed from the basic information of formats other than the format ofthe basic information, and the formed signature data.

[0005] JP-A-2001-357365 discloses a data storage device comprising:input/output control means for controlling an input and an output ofdata to/from an information processing apparatus; first storage controlmeans for controlling storage of the data corresponding to a pluralityof services; and second storage control means for controlling storage ofa first service ID corresponding to a first service among the pluralityof services and a second service ID corresponding to a second service,among the plurality of services, in which the input/output of the dataare permitted in the case where the input/output of the data regardingthe first service are controlled by the input/output control means.

[0006] JP-A-2002-024773 discloses an IC card service addition permittingapparatus comprising: service addition information storing means forholding service addition information regarding an IC card; and serviceaddition permitting means for receiving service addition request data tothe IC card and encrypted IC card issuer data recorded in the IC card,authenticating the encrypted IC card issuer data by key informationgiven in order to confirm an issuer of the IC card, sending serviceaddition permission data when the issuer of the IC card is confirmed,writing information regarding the permitted service addition to theservice addition information storing means, and sending service additioninhibition data when the issuer of the IC card is not confirmed.

[0007] According to the conventional techniques, since all securityprocesses are executed by the IC card chip, a processing time is long.That is, since processing ability of a CPU of the IC card chip is lowerthan that of a CPU of a controller of a memory card, processes which areexecuted by software among the security processes take time. In the caseof executing all of the security processes by the controller of thememory card, since tamper-resistant of the controller of the memory cardis lower than that of the IC card chip, the controller is easilysubjected to attack from the outside, and safety of the securityprocesses cannot be assured.

SUMMARY OF THE INVENTION

[0008] It is an object of the invention to provide a storage device inwhich a processing time of security processes is reduced while assuringsafety of the security processes.

[0009] According to the invention, among a series of security processes,a controller in a memory card executes a managing process for managingdigital certificates and a random number generating process forgenerating pseudo random numbers by using a seed of random numbers, andan IC card chip in the memory card executes an authenticating processfor authenticating personal identification number (PIN) inputted from ahost apparatus and an encrypting process for encrypting the seed of therandom numbers by using a key corresponding to a key held in a server.

[0010] The series of security processes denotes, for example, processessuch that in the case where the host apparatus having the memory cardand the server exchange information or the host apparatus reproducesinformation, hacking or alteration which is made by the third partywithout browsing/using authorization of the information is prevented byusing an encrypting technique or the like.

[0011] According to the invention, there is an effect such that theprocessing time of the security processes is reduced while assuringsafety of the security processes of the storage device.

[0012] Other objects, features and advantages of the invention willbecome apparent from the following description of the embodiments of theinvention taken in conjunction with the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

[0013]FIG. 1 is a diagram showing an internal construction of a memorycard to which the invention is applied;

[0014]FIG. 2 is a flowchart showing an executing process of securityprocesses by the memory card to which the invention is applied;

[0015]FIG. 3 is a flowchart for a security process program which isexecuted by an IC card chip in the flowchart shown in FIG. 2;

[0016]FIG. 4 is a flowchart for a security process program which isexecuted by a controller chip in the flowchart shown in FIG. 2;

[0017]FIG. 5 is a flowchart showing a process for confirming whether thesecurity processes in FIG. 2 can operate or not; and

[0018]FIG. 6 is a diagram showing an example of formats of secure writedata and secure read data.

DESCRIPTION OF THE EMBODIMENTS

[0019] An embodiment of the invention will be described hereinbelow.

[0020]FIG. 1 simply shows an internal constructional diagram of a memorycard to which the invention is applied. It is preferable that a memorycard 1001 conforms with the MultiMediaCard specifications.MultiMediaCard is a registered trademark of Infineon Technologies AG.The memory card 1001 has a function for executing two kinds ofprocesses: a storage process for reading or writing file data which isused by a host apparatus when an external terminal 1002 connected to anoutside issues a memory card command; and a security process such as acryptographic operation or the like which is necessary for secret dataprotection, user authentication, or the like. The secret data denotes aprivate key, a digital certificate, and the like which are peculiar tothe owner of the memory card 1001. The user authentication denotes afunction such that before the owner is permitted to use those secretdata, the memory card 1001 itself discriminates whether the person whoaccesses is the owner himself of the memory card 1001 or not. A userauthentication system which is used in the embodiment is a systemwhereby personal identification information (hereinafter, abbreviated toPIN) such as personal identification number, biometrics information, orthe like which the owner individually memorizes is inputted to thememory card 1001 via a host apparatus 1401 and whether it coincides withreference data (hereinafter, referred to as a reference PIN) in thememory card 1001 or not, thereby specifying that he is the true owner.

[0021] The memory card 1001 has: an external terminal 1002 forconnecting to the host apparatus 1401; a controller chip 1101 forcontrolling the writing of file data into a flash memory chip 1301, thereading of the file data from the flash memory chip 1301, and theerasure of the file data in the flash memory chip 1301; the flash memorychip 1301 which can store data; and an IC card chip 1201 for encryptingor decrypting the data by using a public key or a private key. Thememory card 1001 receives a standard memory card command (command foraccessing the flash memory chip 1301) and a secure command for executingthe security processes via a single external interface. The controllerchip 1101 has a function for selecting the chip (either the flash memorychip 1301 or the IC card chip 1201) to be accessed in accordance withwhether the command received by the memory card 1001 is the standardmemory card command or the secure command and, further, in the case ofthe secure command, in accordance with contents of the requestedsecurity process and distributing command processes. When the controllerchip 1101 receives the standard memory card command, it selects theflash memory chip 1301, issues a flash memory command to it, and readsor writes data for the host apparatus. When the controller chip 1101receives the secure command, it discriminates whether the securityprocess instructed by the command should be executed by the IC card chip1201 or not. If the security process is a process which should beexecuted by the IC card chip 1201, the controller chip 1101 selects theIC card chip 1201, issues an IC card command, and executes the desiredsecurity process. If the security process is not the process whichshould be executed by the IC card chip 1201, the security process isexecuted in the controller chip 1101.

[0022] The host apparatus 1401 corresponds to, for example, a cellularphone, a PDA (Personal Digital Assistant), a personal computer, a musicplayer, a camera, a video camera, an automatic teller machine, a kiosk,a settlement terminal, or the like.

[0023] The flash memory chip 1301 is a memory chip using a non-volatilesemiconductor memory as a storing medium and can read and write filedata by a flash memory command which is transmitted from the controllerchip 1101. The flash memory chip 1301 stores digital certificate 1302which is used for the security process that is executed in thecontroller chip 1101 and a seed 1303 of random numbers serving as anorigin of generation of the random numbers.

[0024] The external terminal 1002 is constructed by a plurality ofterminals and includes a power supply terminal, a clock input terminal,a command input/output terminal, a data input/output terminal, and aground terminal in order to exchange information with the external hostapparatus 1401.

[0025] The IC card chip 1201 is a microcomputer chip to be embedded intoa plastic substrate of the IC card. Its external terminal, electricsignal protocol, and commands conform with the ISO/IEC7816 standard. Asexternal terminals of the IC card chip 1201, there are a power supplyterminal, a clock input terminal, a reset input terminal, an I/O(input/output) terminal, and a ground terminal. The controller chip 1101issues an IC card command (command which can be interpreted by the ICcard chip 1201) to the IC card chip 1201 from the external terminal ofthe IC card chip 1201, so that it can execute arithmetic operationsnecessary for the security processes.

[0026] The controller chip 1101 is connected to other component elements(the external terminal 1002, the flash memory chip 1301, the IC cardchip 1201) in the memory card 1001 and is a microcomputer chip whichplays a main role for controlling them. A CPU 1111 provided in thecontroller chip 1101 controls all other elements constructing thecontroller chip 1101 in accordance with a program built therein. A hostinterface control logic 1102 is a logic circuit for executing anelectric signal protocol when the CPU 1111 in the memory card 1001receives the memory card command from the external host apparatus 1401or transmits a memory card response to the received command to theexternal host apparatus 1401. A flash memory interface control logic1103 is a logic circuit for executing an electric signal protocol whenthe CPU 1111 sends the flash memory command for transferring the filedata being read or to be written between the CPU 1111 and the flashmemory chip 1301 or when the CPU 1111 receives a response to such acommand. An IC card interface control logic 1104 is a logic circuit forexecuting an electric signal protocol when the IC card command istransmitted between the CPU 1111 and the IC card chip 1201 or when theCPU 1111 receives a response to such a command. The CPU 1111 includesnot only a program for controlling the above three kinds of controllogics 1102, 1103, and 1104 but also the programs 1112 and 1113 forexecuting the foregoing security processes. The PIN process program 1112describes processes which are executed in the controller chip 1101 uponuser authentication. The security process B program 1113 describes othersecurity processes which are executed in the controller chip 1101. Asspecific contents of them, certificate management 1114 and random numbergeneration 1115 are included. In those processes, the digitalcertificate 1302 and the seed 1303 of random numbers which have beenstored in the flash memory chip 1301 are used, respectively. Further,the controller chip 1101 includes a PIN authentication register B 1105for temporarily holding a state of the user authentication. The words“temporarily holding” denote that when a power source is supplied, thedata can be held and when the power supply is stopped, the held data isextinguished (abandoned).

[0027] The IC card chip 1201 comprises: a CPU 1202 for executing anarithmetic operating process; a PIN authentication register A 1203 fortemporarily holding the state of the user authentication; an EEPROM(Electrically Erasable Programmable Read Only Memory) 1211 as anon-volatile memory; and a cryptography coprocessor 1204 for executing aprocess regarding RSA cryptography as a kind of asymmetric cryptography.By using the cryptography coprocessor 1204, the IC card chip 1201executes the security processes based on the RSA cryptography. Thesecurity processes denote, for example, creation and verification of adigital signature and cryptography and decryption of secret data. The ICcard chip 1201 can also execute the security processes by using not onlythe cryptography coprocessor 1204 (hardware) but also a program(software) in the CPU 1202. It is assumed that program processingperformance of the CPU 1202 is lower than that of the CPU 1111 (however,the memory card to which the invention is applied can be a card in whichthe program processing performance is not lower). The EEPROM 1211 storesdata and programs which are used for the security processes which areexecuted in the CPU 1202 or by the cryptography coprocessor 1204.Specifically speaking, the EEPROM 1211 stores a private key 1217 for theRSA cryptography, a PIN reference 1218 for the user authentication, anda security process A program 1212 describing the security processeswhich are executed in the IC card chip. As contents of the securityprocess A program 1212, PIN verification 1213 for the userauthentication, key setting 1214 for RSA cryptography calculation, aprivate key arithmetic operation 1215 by the RSA cryptography, and apublic key arithmetic operation 1216 by the RSA cryptography areincluded. The RSA cryptography coprocessor 1204 is used for execution ofremainder multiplication which is necessary in the processes of thearithmetic operations 1215 and 1216.

[0028] A memory capacity of the EEPROM 1211 of the IC card chip 1201 issmaller than that of the flash memory chip 1301. However, when theinvention is applied, the memory capacity of the EEPROM 1211 of the ICcard chip 1201 can be also equal to or larger than that of the flashmemory chip 1301.

[0029] A product which has already been authenticated by theEvaluation/Authentication Office of ISO/IEC15408 as an internationalstandard of the security evaluation reference is used as an IC card chip1201. Generally, when an IC card having a function for executing thesecurity processes is used for actual electronic fund transfer serviceor the like, the IC card needs to be subjected to the evaluation andauthorization by the Evaluation/Authentication Office of ISO/IEC15408.It is preferable that the memory card 1001 has therein the IC card chip1201 which has already been authenticated by theEvaluation/Authentication Office. The memory card 1001 has a structurein which a part of the security processes can be executed by using thisIC card chip 1201. The controller chip 1101 does not always need to besubjected to the evaluation and the authorization mentioned above. Byusing the IC card chip 1201, the memory card 1001 obtains the functionfor executing the security processes which need to assure intensityhigher than that of the security which can be assured in the securityprocesses which are executed in the controller chip 1101.

[0030] The power supply terminal, clock input terminal, reset inputterminal, and I/O (input/output) terminal of the external terminals ofthe IC card chip 1201 are connected to the controller chip 1101.

[0031] The controller chip 1101 controls a power supply and a clocksupply to the IC card chip 1201 via the power supply terminal and theclock input terminal. In order to set the IC card chip 1201 to which nopower source is supplied into a mode where it can receive the IC cardcommand, first, the power supply to the IC card chip 1201 is started anda resetting process (including the start of the clock supply) based onthe ISO/IEC7816-3 standard is executed. For example, when the memorycard 1001 receives the command for executing the security processes fromthe host apparatus 1401, the controller chip 1101 can start the powersupply to the IC card chip 1201 via the power supply terminal by usingsuch reception timing as a trigger. Or, even if no security process isexecuted, the power supply to the IC card chip 1201 is maintained and,when the memory card 1001 receives the command for executing thesecurity processes from the host apparatus 1401, the controller chip1101 can execute the resetting process of the IC card chip 1201 via thereset input terminal by using such reception timing as a trigger. It isdesirable that as for the memory card 1001, the clock signal which issupplied to the IC card chip 1201 via the clock input terminal of the ICcard chip 1201 is generated in the controller chip 1101 independently ofthe clock input signal from the outside of the card and a frequency,supply start timing, and supply stop timing of the clock signal arecontrolled.

[0032] Subsequently, contents of the security processes which areexecuted in the memory card 1001 in FIG. 1 to which the invention isapplied will be described. The memory card 1001 mainly executes thefollowing four kinds of security processes. (1) PIN verification for theuser authentication. (2) Reading/updating of the digital certificate.(3) Generation of pseudo random numbers. (4) Arithmetic operations bythe RSA cryptography system. Among them, the execution of the processes(2) to (4) is permitted only after the user is correctly authenticatedby the process (1). However, when the power supply to the memory card1001 is stopped, it is assumed that the authentication result by theprocess (1) is abandoned (the system enters a state where the user isnot authenticated). To execute the processes (2) to (4) after the powersupply is restarted, first, the user needs to be again correctlyauthenticated by the process (1). An example of the system to which thesecurity processes are applied will be described hereinbelow. The hostapparatus 1401 having the function of connecting to the network and theuser who operates it make secured data communication (for example,download of personal information) which does not permit wiretapping orimpersonation with a remote server 1501 on the network by using thesecurity processes. First, the verification or the like of the digitalcertificate is made by the process (4) on the basis of the userauthentication by the process (1) and mutual authentication is executedbetween the server 1501 and the host apparatus 1401. Thus, both of themcan share the secret data. It is a seed for generation of the pseudorandom numbers. Subsequently, the controller chip 1101 generates thepseudo random numbers from such a seed by the process (3) and encryptsor decrypts information to be exchanged between the server 1501 and thehost apparatus 1401 by those random numbers. Both of them transmit theencrypted information via the network. For example, the host apparatus1401 encrypts the information which is transmitted to the server 1501 byusing the pseudo random numbers or decrypts the information receivedfrom the server 1501. The controller chip 1101 can also generate thepseudo random numbers in (3) in response to the command from the hostapparatus 1401 each time the host apparatus 1401 and the server 1501establish a communication session (that is, the pseudo random numbersare valid only for a period of time from the establishment of thecommunication session to its disconnection). Only the server 1501 andthe host apparatus 1401 having the random number seed 1303 can decryptthe cipher. The communication data can be securely exchanged by theabove method. A digital certificate of the user himself, a digitalcertificate of the host apparatus 1401, a digital certificate of acommunication partner (server 1501) of the host apparatus 1401, acertificate of a certificate authority which issued them, and the likecan be managed in the memory card 1001 by the process (2). When the hostapparatus 1401 downloads file data from the server 1501, the hostapparatus 1401 transmits the digital certificates to the server 1501.The server 1501 verifies validity of the host apparatus 1401 by usingthe digital certificates sent from the host apparatus 1401. If it isdetermined as a result of the verification that the host apparatus 1401is valid, the host apparatus 1401 permits the download of the file data.If it is determined that the host apparatus 1401 is invalid, the hostapparatus 1401 refuses the download of the file data. It is preferablethat the digital certificate of the user himself is used for settlementor the like. It is preferable that the digital certificate of the hostapparatus 1401 is used for the host apparatus 1401 to obtain theinformation from the server 1501.

[0033] The processes of (2) and (3) among the four kinds of securityprocesses which are executed by the memory card 1001 are executed in thecontroller chip 1101 and the processes of (1) and (4) are executed inthe IC card chip 1201. That is, since tamper-resistant of the IC cardchip 1201 is higher than that of the controller chip 1101, that is, theIC card chip 1201 is stronger against an attack from the outside, it ismore safe if the PIN reference 1218 is held by the IC card chip 1201.All of the four kinds of processes can be also executed in the IC cardchip 1201 in consideration of a purpose for assuring higher securityintensity. The above distributing method has the following twoadvantages from a viewpoint of improvement of a convenience for theuser. First, the number of digital certificates (indicating 1302 storedin the flash memory chip 1301) which can be handled by the process of(2) can be set to be larger than the number of digital certificateswhich can be stored in the EEPROM 1211 of the IC card chip 1201. Second,a processing time which is required for execution of (3) can be set tobe shorter than that in the case where it is executed by the IC cardchip 1201 (in dependence on a difference of performance of the CPU).That is, since processing ability of the CPU 1111 of the controller chip1101 is higher (its processing speed is higher) than that of the CPU1202 of the IC card chip 1201, as a speed of the processes to beexecuted by software, the speed of the processes executed by thecontroller chip 1101 is higher. On the other hand, since a processingspeed of the cryptography or decryption which is executed by thecryptography coprocessor 1204 as hardware is higher than that of thecryptography or decryption which is executed by the software, aprocessing speed of the cryptography or decryption which is executed bythe IC card chip 1201 is higher. Since the discrimination about thepermission of the execution of the processes (2) and (3) is made on thebasis of a processing result of (1), a mechanism for correctlytransferring the processing result of (1) in the IC card chip 1201 tothe controller chip 1101 is needed. As will be explained hereinlater,such a problem is solved by applying the invention.

[0034]FIG. 2 is a flowchart showing detailed processes at the time ofallowing the memory card 1001 in FIG. 1 to which the invention isapplied to execute the security processes. To execute the securityprocesses, there are two kinds of commands as secure commands mentionedabove: the first is a secure write command; and the second is a secureread command. The secure write command is a command for transmittingdata including contents of the security processes which are required bythe host apparatus 1401 (hereinafter, such data is referred to as securewrite data) to the memory card 1001. The secure read command is acommand for allowing the host apparatus 1401 to read out data includingresults of the security processes (hereinafter, such data is referred toas secure read data). The host apparatus 1401 issues those two kinds ofcommands and allows the memory card 1001 to execute the securityprocesses. Although the security processes include a plurality ofprocesses, one of them can be executed by issuing one set of the securewrite command and the secure read command.

[0035] An executing procedure for the security processes will bedescribed in detail with reference to a flowchart of FIG. 2. First, thehost apparatus 1401 transmits the secure write command to the memorycard 1001 (2101) and, subsequently, transmits the secure write dataincluding contents of the requested security process (2102). Thecontroller chip 1101 converts the secure write data into an IC cardcommand (2201). Whether the IC card command is a command for verifying aPIN input or not is discriminated (2202). If it is the PIN verification,a PIN input portion in the IC card command is replaced with the portionobtained by encrypting the original PIN input by the PIN process program1112 (2203). The processing routine advances to step 2205. A secret keywhich has previously been shared between the controller chip 1101 andthe IC card chip 1201 (hereinafter, such a key is referred to as a chipcommon key) is used as a key for encrypting the PIN input. Thus, the PINinput which is transferred between the two chips can be protectedagainst the illegal alteration. The chip common key has been describedin the PIN process program 1112. If the IC card command is not the PINverification command in step 2202, whether the IC card command is acommand which should be executed in the IC card chip or not isdiscriminated (2204). If it should be executed in the IC card, step 2205follows. If NO, step 2206 follows. In step 2205, the IC card command istransmitted to the IC card chip 1201 and step 2301 follows. In step2206, the security process B program 1113 is executed on the basis ofthe IC card command. Details in the program 1113 will be describedhereinlater with reference to FIG. 3. A processing result is convertedinto secure read data (2209). The IC card chip 1201 receives the IC cardcommand in step 2301 and executes the security process A program 1212 onthe basis of the IC card command (2302). Details in the program 1212will be described hereinlater with reference to FIG. 4. A processingresult is transmitted as an IC card response to the controller chip 1101(2303). The controller chip 1101 receives the IC card response (2207)and discriminates whether the IC card response is a response to the PINverification command or not (2208). If it is not the response to the PINverification, step 2209 follows and a processing result is convertedinto the secure read data. If it is the response to the PINverification, step 2210 follows. A data portion showing the verificationresult in the response to the PIN verification has been encrypted by thechip common key in the IC card chip 1201. In step 2210, the controllerchip 1101 decrypts the encrypted verification result by the chip commonkey by the PIN process program 1112, thereby reconstructing theverification result. By this means, the PIN verification result which istransferred between the two chips can be protected against the illegalalteration in a manner similar to that mentioned above. Subsequently,the controller chip 1101 discriminates whether the PIN verificationresult is data showing “coincides with the PIN reference” or datashowing “does not coincide with the PIN reference” (2212). If it is thedata showing “coincides with the PIN reference”, data showing“authenticated” is set into the PIN authentication register B 1105 inthe controller chip 1101 (2213) and step 2209 follows. Since an objectof the PIN authentication register B 1105 is to temporarily hold thedata, it is desirable to install it by a volatile RAM (Random AccessMemory) and it is desirable that the contents in the PIN authenticationregister B 1105 cannot be freely rewritten from the outside of thememory card 1001. On the other hand, if the PIN verification result isthe data showing “does not coincide with the PIN reference”, the datashowing “authenticated” is not set into the PIN authentication registerB 1105 but step 2209 follows. After step 2209, the memory card 1001enters a mode to wait for the next command by the host apparatus 1401(2211). When the secure read command is transmitted to the memory card1001 by the host apparatus 1401 (2103), the memory card 1001 transmitsthe secure read data obtained in step 2209 (2214). The host apparatus1401 receives it (2104). In this manner, the execution of one of thesecurity processes is completed.

[0036]FIG. 3 shows a detailed processing flow for the security process Aprogram 1212 in the IC card chip 1201 in step 2302 in FIG. 2. As a firststep of the security process A program 1212, whether the IC card commandis the PIN verification command or not is discriminated (3103). If YES,the PIN input (which has been encrypted by the PIN process program 1112)inputted by this command is decrypted by the foregoing chip common key(3104) and its value is compared with the value of the PIN reference1218 (3105). Whether a comparison result indicates “coincides” or “doesnot coincide” is discriminated (3106). If it is “coincides”,“authenticated” is set into the PIN authentication register A 1203(3107) and step 3109 follows. Since an object of the PIN authenticationregister A 1203 is to temporarily hold the data, it is desirable toinstall it by a volatile RAM in a manner similar to the PINauthentication register B 1105 and it is desirable that the contents inthe PIN authentication register A 1203 cannot be freely rewritten fromthe outside of the IC card chip 1201. If the verification result is“does not coincide”, a verification error process is executed (3108) andstep 3109 follows. The verification error process denotes a process forcounting the number of times of accumulation of the discriminationresult indicative of “does not coincide”, or the like. For example, ifthe number of times of accumulation exceeds a predetermined number, useof the present security process is perfectly stopped, thereby improvingthe safety from illegal use. The PIN verification result is encrypted bythe chip common key in step 3109. The processing routine advances tostep 3118 and an IC card response including the encrypted PINverification result is formed. If the IC card command is not the PINverification command in step 3103, whether it is a public key settingcommand (command for presetting a key which is used for a public keyarithmetic operation by the RSA cryptography system) or not isdiscriminated (3110). If YES, the public key inputted with the publickey setting command from the host apparatus 1401 is set into a register(RAM is desirable) in the CPU 1202 (3111). Step 3118 follows and an ICcard response including information showing whether the public key hassuccessfully been set or not is formed. If the IC card command is notthe public key setting command in step 3110, whether it is the publickey arithmetic operation command by the RSA cryptography system or notis discriminated (3112). If YES, whether “authenticated” has been set inthe PIN authentication register A 1203 or not is discriminated (3113).If “authenticated” has been set, the RSA cryptography arithmeticoperation is executed to the inputted data by the cryptographycoprocessor 1204 by using the public key set by the public key settingcommand (3114). If “authenticated” is not set, step 3114 is notexecuted. The processing routine advances to step 3118 and an IC cardresponse including the output data by the public key arithmeticoperation or the information showing whether the arithmetic operationhas successfully been executed or not is formed. If the IC card commandis not the public key arithmetic operation command in step 3112, whetherit is a private key arithmetic operation command by the RSA cryptographysystem or not is discriminated (3115). If YES, whether “authenticated”has been set in the PIN authentication register A 1203 or not isdiscriminated (3116). If “authenticated” has been set, the RSAcryptography arithmetic operation is executed to the inputted data bythe cryptography coprocessor 1204 by using the private key 1217 (3117).If “authenticated” is not set, step 3117 is not executed. The processingroutine advances to step 3118 and an IC card response including theoutput data by the private key arithmetic operation or the informationshowing whether the arithmetic operation has successfully been executedor not is formed. If the IC card command is not the private keyarithmetic operation command in step 3115, step 3118 follows and an ICcard response including information showing that the command could notbe interpreted is formed. In this manner, the security process A program1212 is completed. One of the input data to be subjected to thecryptographic operation in step 3114 is seed data for generating thepseudo random numbers mentioned above and has been stored as randomnumber seed 1303 in the flash memory chip 1301.

[0037]FIG. 4 is a detailed processing flow for the security process Bprogram 1113 in the controller chip 1101 in step 2206 in FIG. 2. As afirst step of the security process B program 1113, whether the IC cardcommand is a file selecting command (command for selecting the digitalcertificate to be accessed) or not is discriminated (4103). If YES, acertificate file indicated by an ID (IDentification) number which isinputted by such a command is searched from the file (or from aplurality of files) of the digital certificate 1302 in the flash memorychip 1301 by a program of the certificate management 1114 and the IDnumber of the found certificate file is set into a register (RAM isdesirable) in the CPU 1111. If the certificate file cannot be found, aspecial number showing the failure in selection can be set (4104). Step4113 follows and an IC card response including information showing afile selection result is formed. If the IC card command is not the fileselecting command in step 4103, whether it is a file read command(command for reading out the digital certificate) or not isdiscriminated (4105). If YES, the digital certificate shown by the IDnumber set in the register is read out from the flash memory chip 1301by the program of the certificate management 1114 (4106). Step 4113follows and an IC card response including the read-out digitalcertificate is formed. If the IC card command is not the file readcommand in step 4105, whether it is a file updating command (command forupdating the digital certificate) or not is discriminated (4107). IfYES, whether “authenticated” has been set in the PIN authenticationregister B 1105 or not is discriminated (4108). If “authenticated” hasbeen set, the update data inputted together with this command isoverwritten into the file area on the flash memory chip 1301 occupied bythe digital certificate shown by the ID number set in the register bythe program of the certificate management 1114. If a size of update datais larger than a size of such a file area, or the like, the data is notupdated (4109). If “authenticated” is not set in step 4108, step 4109 isnot executed. Step 4113 follows and an IC card response includinginformation showing whether the update is successful or not is formed.If the IC card command is not the file updating command in step 4107,whether it is a random number generating command or not is discriminated(4110). If YES, whether “authenticated” has been set in the PINauthentication register B 1105 or not is discriminated (4111). If“authenticated” has been set, the pseudo random numbers are generated bya program of the pseudo random number generation 1115 by using therandom number seed 1303 in the flash memory chip 1301 (4112). If“authenticated” is not set, step 4112 is not executed. Step 4113 followsand an IC card response including the generated random number data orinformation showing whether the generation is successful or not isformed. If the IC card command is not the random number generatingcommand in step 4110, step 4113 follows and IC card response includinginformation showing that the command could not be interpreted is formed.In this manner, the security process B program 1113 is completed. Forthe purpose of protecting the data, the digital certificate 1302 can bealso stored into the flash memory chip 1301 in a state where the datahas been encrypted or a signature has been added to the data. In thiscase, decryption of the certificate and verification of the signatureare also executed in step 4106 and creation of the signature andcryptography of the certificate are also executed in step 4109.

[0038] Subsequently, functions which the memory card 1001 to which theinvention is applied has in order to improve the stability uponexecution of the security processes will be explained. As will beobviously understood from the above explanation, the security processesare normally executed only when the security process A program (1212)and the security process B program (1113) existing in the two chipscooperate. Therefore, if the security process A program 1212 does notexist in the IC card chip 1201 due to some cause (for example,destruction or the like of the storage data due to deterioration of theEEPROM 1211), the security processes are not normally executed. FIG. 5is a flowchart showing processes which are executed by the memory card1001 in order to improve the execution stability of the securityprocesses so as to cope with such a problem. The memory card 1001 has afunction for interpreting a command called “security process confirmingcommand”. The security process confirming command is a command forallowing the memory card 1001 to previously confirm whether the securityprocesses can operate normally or not. The IC card chip 1201 has afunction for interpreting a command called “program existence confirmingcommand”. Processing steps of the “security process confirming command”will be described in detail in accordance with the flowchart of FIG. 5.First, the host apparatus 1401 transmits the “security processconfirming command” (5101). The controller chip 1101 receives such acommand and transmits the “program existence confirming command” to theIC card chip 1201 (5201). Thus, the IC card chip 1201 searches whetherthe security process A program exists in the EEPROM 1211 or not and ifsuch a program is found, the program is set into a mode in which it canbe used (5301). Subsequently, a search result (existence or absence) istransmitted as an IC card response to the controller chip 1101 (5302).The controller chip 1101 knows the existence of the security process Aprogram 1212 from the received IC card response (5202). If the securityprocess A program 1212 exists, the security process B program 1113 isset into a mode in which it can be executed (5203). If the securityprocess A program 1212 does not exist, the process in step 5203 is notexecuted. By the above processes, the execution stability of thesecurity processes is improved.

[0039]FIG. 6 shows an example of a format of each of the secure writedata which is transmitted to the memory card 1001 in step 2102 in FIG. 2and the secure read data which is received by the host apparatus 1401 instep 2104. It is preferable to apply those formats to the case where thecontents of the requested security processes can be expressed by one ICcard command and results of the security processes can be expressed byone IC card response. As mentioned above, both of the IC card commandwhich is transmitted to the IC card chip 1201 and the IC card responsewhich is received from the IC card chip 1201 conform with theISO/IEC7816-4 standard. According to this standard, in the constructionof the IC card command, a header of 4 bytes (a class byte CLA, aninstruction byte INS, and parameter bytes P1 and P2) are indispensableand an input data length indication byte Lc, input data DataIn, and anoutput data length indication byte Le follow as necessary. In theconstruction of the IC card response, statuses SW1 and SW2 of 2 bytesare indispensable and output data DataOut is followed by them asnecessary. Secure write data 6001 in the format is constructed in amanner such that a format identifier FID 6003 and an IC card commandlength Lca 6004 are followed by an IC card command 6002 and, further,dummy data 6005 is padded after the IC card command 6002. The FID 6003includes an identification number of the format or attribute data of theformat. A value of the Lca 6004 is equal to a value obtained by summinglengths of component elements of the IC card command 6002. Secure readdata 6101 is constructed in a manner such that a format identifier FID6103 and an IC card response length Lra 6104 are followed by an IC cardresponse 6102 and, further, dummy data 6105 is padded after the IC cardresponse 6102. The FID 6103 includes an identification number of theformat or attribute data of the format. A value of the Lra 6104 is equalto a value obtained by summing lengths of component elements of the ICcard response 6102. The diagram shows the examples of the formats in thecase where Lc, DataIn, and Le are included in the IC card command andDataOut is included in the IC card response. In many memory cards,according to the specification of the read/write command of the filedata, it is a standard manner that the data to be read/write accessed isprocessed on a unit basis of a block of a fixed length. Therefore, it ispreferable that a size of each of the secure write data 6001 and thesecure read data 6101 is made to coincide with a block size according tothe specification of the standard memory card command of the memory card1001. The dummy data 6005 and 6105 is applied to make the size of eachof the secure write data 6001 and the secure read data 6101 coincidewith the block size. It is desirable that a sector size (512 bytes) inthe FAT system which a general small memory card uses in a logical filesystem is used as a value which is used as a block size. The dummy data6005 and 6105 to be padded can be set to all 0, random numbers, or achecksum which is used for the CPU 1111 or the host apparatus 1401 todetect or correct data errors. The value of the Lca 6004 is used for theCPU 1111 to remove the dummy data 6005 from the secure write data 6001.The value of the Lra 6104 is used for the host apparatus 1401 to removethe dummy data 6105 from the secure read data 6101.

[0040] It should be further understood by those skilled in the art thatalthough the foregoing description has been made on embodiments of theinvention, the invention is not limited thereto and various changes andmodifications may be made without departing from the spirit of theinvention and the scope of the appended claims.

What is claimed is:
 1. A memory card comprising a flash memory, acontroller, and an IC card chip, wherein said flash memory stores adigital certificate necessary for an external host apparatus to obtaindata from a server which can communicate with said host apparatus and aseed of random numbers serving as an element of random numbers which areused for mutually exchanging said data between said server and said hostapparatus, said controller can execute a managing process for managingsaid digital certificate and a random number generating process forgenerating said pseudo random numbers by using said seed of randomnumbers, and said IC card chip can execute an authenticating process forauthenticating personal identification number information inputted fromsaid host apparatus and an encrypting process for encrypting said seedof random numbers by using a key corresponding to a key held by saidserver.
 2. A card according to claim 1, wherein said controller has aregister to which an access from said host apparatus is limited, andsaid controller sets predetermined data into said register on the basisof an authentication result of said personal identification informationby said IC card chip before said random number generating process isexecuted.
 3. A card according to claim 2, wherein said IC card chipencrypts the authentication result of said personal identificationinformation by using a common key which is shared between said IC cardchip and said controller and outputs the encrypted authentication resultof said personal identification information to said controller, and saidcontroller decrypts the encrypted authentication result of said personalidentification number information by using said common key and sets saidpredetermined data into said register on the basis of the decryptedauthentication result of said personal identification information.
 4. Acard according to claim 2, wherein said register abandons saidpredetermined data set in said register when a supply of a power sourceto said controller is stopped.
 5. A card according to claim 2, whereinsaid controller starts the execution of said random number generatingprocess if it is determined that said personal identificationinformation has successfully been authenticated with reference to saidpredetermined data in said register.
 6. A card according to claim 1,wherein said managing process includes a process for updating or addingsaid digital certificate.
 7. A card according to claim 1, wherein saidIC card chip has a cryptography coprocessor for encrypting said seed ofrandom numbers.
 8. A memory card according to claim 1, whereintamper-resistant of said IC card chip is higher than that of saidcontroller, and said IC card chip holds reference information which isused for authenticating said personal identification informationinputted from said host apparatus and compares said referenceinformation with said personal identification information, therebyauthenticating said personal identification information.
 9. A storagedevice comprising: a non-volatile memory; a controller for executing apredetermined process in response to a command from an external hostapparatus; and an IC for executing a predetermined process in responseto a command from said controller, wherein said controller can executesa part of a series of security processes necessary for exchanginginformation between a server and said host apparatus via a network, andsaid IC executes another part of said series of security processes. 10.A device according to claim 9, wherein a part of said series of securityprocesses includes a random number generating process for generatingrandom numbers for encrypting or decrypting said information, andanother part of said series of security processes includes anauthenticating process for authenticating said personal identificationinformation inputted from said host apparatus when said series ofsecurity processes is started.
 11. A device according to claim 10,wherein said IC has a first register for temporarily holdingpredetermined data, said controller has a second register fortemporarily holding predetermined data, said IC can set saidpredetermined data into said first register when said personalidentification information has successfully been authenticated, andexecutes another part of said series of security processes when saidpredetermined data has been set in said first register, and saidcontroller can set said predetermined data into said second registerwhen said personal identification information has successfully beenauthenticated, and executes a part of said series of security processeswhen said predetermined data has been set in said second register.
 12. Adevice according to claim 10, wherein said non-volatile memory stores aseed of random numbers serving as an element of said random numbers,said random number generating process falsely generates the randomnumbers by using said seed of random numbers, and another part of saidseries of security processes includes an encrypting process forencrypting said seed of random numbers by using a key corresponding to akey held in said server.
 13. A device according to claim 10, whereinsaid non-volatile memory stores a digital certificate issued by acertificate authority, and a part of said series of security processesincludes a managing process for reading out said digital certificatefrom said non-volatile memory and outputting it to said host apparatus.14. A device according to claim 9, wherein said controller converts thecommand from said host apparatus into a command which can be interpretedby said IC and outputs the converted command to said IC.